re: I learned enough Web Crypto to be dangerous

 

Great article.
We are in the same boat as you and struggling to see how it can be achieved and if it is worth doing over and above just using HTTPS to transport the sensitive data.
You mention 'I learned quickly that asymmetric key pairs are (usually) used to encrypt symmetric keys and a symmetric key is used to encrypt the data.' Have you any info/references for this 'best practise'?
Did you actually end up with a viable production quality solution?
Thanks for your time.
Regards
John

 

I don't have a best practice reference. It might have been mentioned here schneier.com/books/applied_cryptog... but I only read about a third of that book back in 1998. If I recall, I asked a very experienced dev how it was done and he mentioned it was done that way (the guy I asked used to work on an S/MIME toolkit back in the day).

My solution worked when I tested it but it never actually shipped. The company I worked for folded (for other reasons!) before it was deployed.

 

Thanks for the prompt response and the great article.
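
The pattern quoted in this thread (an asymmetric key pair encrypts a symmetric key, and the symmetric key encrypts the data), written against the Web Crypto API as an added example that is not from the article or from any commenter. It assumes RSA-OAEP with a 2048-bit key and AES-256-GCM; the function names and the sample message are made up for illustration.

```javascript
// Added example: hybrid (envelope) encryption with Web Crypto.
// Works in browsers and in Node (falls back to node:crypto's webcrypto).
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const { subtle } = webcrypto;
const SAMPLE = 'constructed sample message'; // constructed input, not real data

// Recipient's long-lived key pair; the private key is non-extractable.
async function generateRecipientKeyPair() {
  return subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, ['wrapKey', 'unwrapKey']);
}

// Sender: a fresh AES-GCM data key per message encrypts the data,
// then the recipient's public key wraps (encrypts) that data key.
async function sealEnvelope(recipientPublicKey, plaintext) {
  const dataKey = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']); // extractable so it can be wrapped
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // 96-bit nonce, never reused per key
  const ciphertext = await subtle.encrypt(
    { name: 'AES-GCM', iv }, dataKey, new TextEncoder().encode(plaintext));
  const wrappedKey = await subtle.wrapKey(
    'raw', dataKey, recipientPublicKey, { name: 'RSA-OAEP' });
  return { wrappedKey, iv, ciphertext };
}

// Recipient: unwrap the data key with the private key, then decrypt.
// AES-GCM authenticates the ciphertext, so any modification makes decrypt reject.
async function openEnvelope(recipientPrivateKey, { wrappedKey, iv, ciphertext }) {
  const dataKey = await subtle.unwrapKey(
    'raw', wrappedKey, recipientPrivateKey, { name: 'RSA-OAEP' },
    { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  const plaintext = await subtle.decrypt({ name: 'AES-GCM', iv }, dataKey, ciphertext);
  return new TextDecoder().decode(plaintext);
}

// Round trip plus a tamper check on a copy of the ciphertext.
async function demo() {
  const { publicKey, privateKey } = await generateRecipientKeyPair();
  const envelope = await sealEnvelope(publicKey, SAMPLE);
  const roundTrip = await openEnvelope(privateKey, envelope);
  const tampered = new Uint8Array(envelope.ciphertext.slice(0)); // slice() copies the buffer
  tampered[0] ^= 1; // flip one bit
  const tamperRejected = await openEnvelope(privateKey, { ...envelope, ciphertext: tampered })
    .then(() => false, () => true);
  return { roundTrip, wrappedKeyBytes: envelope.wrappedKey.byteLength, tamperRejected };
}
```

The wrapped key is always one RSA block (256 bytes for a 2048-bit modulus) regardless of message size, which is why the bulk data goes through the symmetric cipher.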
